network security services vulnerabilities and exploits

(subscribe to this query)

Malicious code exists in the upstream tarballs of xz, starting with version 5.6.0. Through a series of complex obfuscations, the liblzma build process extracts a prebuilt object file from a disguised test file existing in the source code, which is then used to modify specific fun...

Tukaani Xz 5.6.1 Tukaani Xz 5.6.0

71 Github repositories4 Articles

Services that are running and bound to the loopback interface on the Artica Proxy are accessible through the proxy service. In particular, the "tailon" service is running, running as the root user, is bound to the loopback interface, and is listening on TCP port 7050. S...

All versions of the package github.com/greenpau/caddy-security are vulnerable to Server-side Request Forgery (SSRF) via X-Forwarded-Host header manipulation. An attacker can expose sensitive information, interact with internal services, or exploit other vulnerabilities within the...

A Heap-based Buffer Overflow vulnerability in the Network Services Daemon (NSD) of Juniper Networks Junos OS allows authenticated, low privileged, local malicious user to cause a Denial of Service (DoS). On an SRX 5000 Series device, when executing a specific command repeatedly,...

Juniper Junos 20.4 Juniper Junos 21.1 Juniper Junos 21.2 Juniper Junos 21.3 Juniper Junos 21.4 Juniper Junos 22.1 Juniper Junos 22.2 Juniper Junos 22.3 Juniper Junos

Multiple NSS NIST curves were susceptible to a side-channel attack known as "Minerva". This attack could potentially allow an malicious user to recover the private key. This vulnerability affects Firefox < 121.

Mozilla Firefox

An attacker can manipulate file upload params to enable paths traversal and under some circumstances this can lead to uploading a malicious file which can be used to perform Remote Code Execution. Users are recommended to upgrade to versions Struts 2.5.33 or Struts 6.3.0.2 or gre...

12 Github repositories2 Articles

A vulnerability in the implementation of Security Assertion Markup Language (SAML) 2.0 single sign-on (SSO) for remote access VPN in Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote malicious...

Cisco Adaptive Security Appliance Software Cisco Firepower Threat Defense 7.2.4

An authenticated SQL injection vulnerability exists in the BIG-IP Configuration utility which may allow an authenticated attacker with network access to the Configuration utility through the BIG-IP management port and/or self IP addresses to execute arbitrary system commands. Not...

1 Article

Undisclosed requests may bypass configuration utility authentication, allowing an attacker with network access to the BIG-IP system through the management port and/or self IP addresses to execute arbitrary system commands. Note: Software versions which have reached End of Techni...

12 Github repositories3 Articles

This flaw makes curl overflow a heap based buffer in the SOCKS5 proxy handshake. When curl is asked to pass along the host name to the SOCKS5 proxy to allow that to resolve the address instead of it getting done by curl itself, the maximum length that host name can be is 255 byte...

Haxx Libcurl Fedoraproject Fedora 37 Netapp Oncommand Workflow Automation -Netapp Oncommand Insight -Netapp Active Iq Unified Manager -Microsoft Windows 10 22h2 Microsoft Windows 11 21h2 Microsoft Windows 11 22h2 Microsoft Windows 11 23h2 Microsoft Windows 10 1809 Microsoft Windows Server 2019 Microsoft Windows Server 2022 Microsoft Windows 10 21h2

9 Github repositories2 Articles

1 2 3 4 5 6 NEXT »

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook